Christine M. Cumming and Beverly J. Hirtle

The Challenges of in Diversified Financial Companies

• Although the benefits of a consolidated, or n recent years, financial institutions and their supervisors firmwide, system of are Ihave placed increased emphasis on the importance of widely recognized, financial firms have consolidated risk management. Consolidated risk traditionally taken a more segmented management—sometimes also called integrated or approach to risk measurement and control. enterprisewide risk management—can have many specific meanings, but in general it refers to a coordinated process for • The cost of integrating information across measuring and managing risk on a firmwide basis. Interest in lines and the existence of regulatory consolidated risk management has arisen for a variety of barriers to moving capital and liquidity within reasons. Advances in information technology and financial a financial appear to have engineering have made it possible to quantify more discouraged firms from adopting consolidated precisely. The wave of mergers—both in the United States and risk management. overseas—has resulted in significant consolidation in the financial services industry as well as in larger, more complex financial institutions. The recently enacted Gramm-Leach- • In addition, there are substantial conceptual Bliley Act seems likely to heighten interest in consolidated risk and technical challenges to be overcome in management, as the legislation opens the door to combinations developing risk management systems that of financial activities that had previously been prohibited. can assess and quantify different types of risk This article examines the economic rationale for managing across a wide range of business activities. risk on a firmwide, consolidated basis. Our goal is to lay out some of the key issues that supervisors and risk management • However, recent advances in information practitioners have confronted in assessing and developing technology, changes in regulation, and consolidated risk management systems. In doing so, we hope to breakthroughs in risk management clarify for a wider audience why the ideal of consolidated risk methodology suggest that the barriers to management—which may seem uncontroversial or even consolidated risk management will fall obvious—involves significant conceptual and practical issues. during the coming months and years. We also hope to suggest areas where research by practitioners and academics could help resolve some of these issues.

Christine M. Cumming is an executive vice president and the director of The authors would like to thank Gerald Hanweck, Darryll Hendricks, Chris research and Beverly J. Hirtle is a vice president at the Federal Reserve McCurdy, Brian Peters, Philip Strahan, Stefan Walter, Lawrence White, and of New York. two anonymous referees for many helpful comments. The views expressed are those of the authors and do not necessarily reflect the position of the Federal Reserve Bank of New York or the Federal Reserve System.

FRBNY Economic Policy Review / March 2001 1 The approach we take is to review the arguments made by views, using a simple portfolio model to help illustrate the supervisors and the financial industry in favor of consolidated economic rationale behind consolidated risk management. risk management. While both parties agree on the importance Next, we discuss the constraints that have slowed many of this type of risk management, this support seems to be financial institutions in their implementation of consolidated motivated by quite different concerns. Supervisors appear to risk management systems. We conclude with a discussion of support it out of a safety-and-soundness concern that the major technical challenges and research questions that will significant risks could be overlooked or underestimated in the need to be addressed as an increasing number of financial firms absence of firmwide risk assessment.1 In contrast, financial implement firmwide risk management systems. institutions appear willing to undertake significant efforts to

Our goal is to lay out some of the key Consolidated Risk Management: issues that supervisors and risk Definitions and Motivations management practitioners have confronted in assessing and developing At a very basic level, consolidated risk management entails a coordinated process of measuring and managing risk on a consolidated risk management systems. firmwide basis. This process has two distinct, although related, dimensions: coordinated risk assessment and management across the different types of risk facing the firm (, develop consolidated risk management systems because they risk, , ), and integrated risk believe that those systems will help them assess the risk and evaluation across the firm’s various geographic locations, legal return of different business lines and thus allow them to make entities, and business lines. In theory, both dimensions must be more informed decisions about where to invest scarce addressed to produce a consolidated, firmwide assessment of 2 resources to maximize profits. While these two views may risk. In practice, few financial firms currently have in place a reflect quite different underlying motivations for supporting consolidated risk management, we argue below that they result in a common emphasis on the importance of accurate The absence thus far of fully implemented assessments of risk. Although both supervisors and financial institutions consolidated risk management systems support the concept of consolidated risk management, few if suggests that there are significant costs or any financial firms have fully developed systems in place today. obstacles that have historically led firms to The absence thus far of fully implemented consolidated risk management systems suggests that there are significant costs or manage risk in a more segmented fashion. obstacles that have historically led firms to manage risk in a more segmented fashion. We argue that both information costs and regulatory costs play an important role here by affecting consolidated risk management system that fully incorporates the -off between the value derived from consolidated risk both dimensions, although many large institutions—both in management and the expense of constructing these complex the United States and overseas—appear to be devoting risk management systems. In addition, there are substantial significant resources to developing such systems (Joint Forum technical hurdles involved in developing risk management 1999a).3 systems that span a wide range of and types of risk. To understand consolidated risk management, it is Both of these factors are evolving in ways that suggest that the important to recognize the distinction between risk barriers to consolidated risk management are increasingly measurement and risk management. Risk measurement entails likely to fall over the coming months and years. the quantification of risk exposures. This quantification may The remainder of this article is organized as follows. In the take a variety of forms—value-at-risk, earnings-at-risk, stress next section, we describe the concept of consolidated risk scenario analyses, duration gaps—depending on the type of management in greater detail and provide a more in-depth risk being measured and the degree of sophistication of the discussion of the views of supervisors and the financial industry estimates. Risk management, in contrast, refers to the overall about this process. We then offer a critical analysis of these process that a financial institution follows to define a business

2 The Challenges of Risk Management strategy, to identify the risks to which it is exposed, to quantify for describing the risk management process to encompass the those risks, and to understand and control the nature of the role of business strategy and the activities of business line risks it faces. Risk management is a series of business decisions, decision makers.6 The Committee also set out an approach to accompanied by a set of checks and balances—risk limits, the supervisory review of a bank’s internal assessment of capital independent risk management functions, risk reporting, adequacy in light of a firm’s overall risks as the second pillar of review and oversight by senior management and the board of the proposed new capital adequacy framework (Basel directors—in which risk measurement plays an important, Committee on Banking Supervision 1999b). although not all-encompassing, role. Thus, consolidated risk Recently, an international forum of banking, securities, and management involves not only an attempt to quantify risk supervisors issued a report containing principles that across a diversified firm, but also a much broader process of supervisors should follow to ensure that financial business decision making and of support to management in conglomerates are adequately identifying and managing risk. order to make informed decisions about the extent of risk taken The report’s lead recommendation is that “supervisors should both by individual business lines and by the firm as a whole. take steps . . . to provide that conglomerates have adequate risk Recent trends in the financial services industry have management processes in place to manage group-wide risk increased the challenges associated with this process. To begin, concentrations” (Joint Forum 1999a). financial institutions increasingly have the opportunity to The rationale offered by supervisors for the importance of become involved in a diverse range of financial activities. In the consolidated risk management seems to be a concern that, in United States, bank holding companies have been able to the absence of a firmwide assessment, significant risks could be combine traditional banking and securities activities since the late 1980s, when the Federal Reserve permitted the creation of “Section 20” securities subsidiaries. The Gramm-Leach-Bliley Consolidated risk management involves Act will now enable affiliations involving banking, securities, not only an attempt to quantify risk across and insurance in so-called financial holding a diversified firm, but also a much broader companies (FHCs). Such combinations of diverse financial activities present significant challenges to consolidated risk process of business decision making and management systems, as greater diversity often means that the of support to management in order to system must encompass a wider range of risk types.4 make informed decisions about the extent Consolidation in the financial services industry has produced institutions with operations spanning large of risk taken both by individual business geographic areas, both domestically and internationally. Such lines and by the firm as a whole. wide geographic dispersion, especially across time zones, can make it difficult for a firm’s management to keep track of the activities across all of its operating centers. Financial overlooked or underestimated. The Joint Forum report, for institutions have responded to this situation by increasing the instance, argues that “the additive nature of concentrations and resources devoted to information systems designed to track the risk of transmission of material problems within a and monitor exposures worldwide. Indeed, the development of point to the value of both conglomerate coordinated information systems is one of the most important management and supervisors conducting a group-wide steps in consolidated risk management. assessment of potential concentrations” (Joint Forum 1999a). The supervisory community has advocated that financial The underlying concern is that such underestimated or institutions adopt consolidated risk management procedures overlooked risks receive insufficient management attention in the guidance it has published in the 1990s, especially and have the potential to produce unexpectedly large losses guidance for banking companies. In the United States, these that could threaten the firm’s financial health. efforts began in 1993 with guidelines for supervisors evaluating practitioners also cite the interdependent risk management in derivatives and trading activities, and have nature of risks within an organization as a motivation to continued to date, most recently with a 1999 Federal Reserve develop consolidated risk management systems. For instance, paper containing broad conceptual guidelines for evaluating echoing sentiments in the supervisors’ Joint Forum report, capital adequacy in light of the full range of risks facing the Lam (1999) argues that “managing risk by silos simply doesn’t bank or bank .5 Internationally, the Basel work, because the risks are highly interdependent and cannot Committee on Banking Supervision extended the framework be segmented and managed solely by independent units” in the

FRBNY Economic Policy Review / March 2001 3 firm. Similarly, a senior executive at a major U.S. bank asserts and financial institutions’ emphasis on enhanced under- that “the careful identification and analysis of risk are, standing of the risk/return trade-off among different activities however, only useful insofar as they lead to a capital allocation reflect a common emphasis on the importance of accurate system that recognizes different degrees of risk and includes all assessments of risk. elements of risk” (Labrecque 1998). In contrast to the supervisors, however, the primary implication that Lam and others draw from this finding concerns the role that consolidated risk management systems can play in helping firms to make better-informed decisions Understanding the Role about how to invest scarce capital and . For of Consolidated Risk Management instance, Mudge (2000) stresses that a consistent framework for evaluating firmwide risk and return across diverse financial The discussion above reflects a well-established belief on the activities is a key to evaluating the benefits of potential mergers part of financial institutions and supervisors in the importance among banking and insurance firms. Similarly, Lam (1999) of consolidated risk management. But what economic argues that consolidated risk management systems can help fundamentals underlie this belief? In this section, we assess the firms understand the risk/return trade-offs among different views of supervisors and financial institutions and try to place business lines, customers, and potential acquisitions. them in a common framework. We do not attempt to address 7 Furthermore, consolidated risk management may allow a firm the question of why firms choose to manage risk at all. Instead, to recognize “natural hedges”—when one entity within the we try to understand why it matters whether risk is managed on firm has positions or is engaged in activities that the a consolidated basis or at the level of individual businesses or risks within a firm.

While both supervisors and financial institutions agree on the importance of The Supervisors’ View: Spillover Effects

consolidated risk management and point We first consider the view expressed by supervisors in the Joint to the same driving factors, their Forum paper (1999a), namely, that in the absence of conclusions about the role that these consolidated risk management, significant risks could be overlooked or underestimated. To gain some insight into this systems can play emphasize quite view, it is helpful to consider a simple portfolio approach to different concerns. assessing the risk of a diversified financial firm. This approach helps illustrate how the perception of the overall risk facing the firm would differ if institutions managed their risk in an positions or activities of another part of the firm—that may integrated way instead of by individual businesses or legal become apparent only when risk is examined from the entities within the larger organization. perspective of the consolidated institution. Firms that fail to To begin, suppose that a financial firm has two business recognize the diversification effects of such natural hedges may lines, each of which earns profits that vary uncertainly over waste resources on redundant hedging by individual units time. Application of standard portfolio theory suggests that the within the organization. risk of the overall firm will depend on the variation in each Thus, while both supervisors and financial institutions agree unit’s profits and the extent to which variation in these profits on the importance of consolidated risk management and point is correlated between the two units. In particular, the risk facing to the same driving factors, their conclusions about the role the consolidated firm will be less than or equal to the sum of the that these systems can play emphasize quite different concerns. risks facing the individual business units within the firm At one level, this difference is not surprising, given the different whenever this correlation is less than perfect. In this situation, objectives of supervisors and financial institutions (safety and the profit variation in one unit diversifies the risk of the other.8 soundness, on the one hand, and profit maximization, on the The importance of this observation for our purposes is that other). On another level, these concerns are not necessarily it suggests that establishing risk monitoring and control (such mutually exclusive. Indeed, in the next section, we argue that as limits) at the business level and then summing up across supervisors’ emphasis on underestimation of firmwide risk business lines would be a conservative approach to managing

4 The Challenges of Risk Management and assessing the overall risk facing the firm, since it ignores firm faces the “portfolio insurance” problem in that the actions any potential diversification effects across business lines. This of one unit affect the risks facing another.10 conclusion stands in marked contrast to the arguments These spillover effects can be enhanced during times of crisis advanced by supervisors in favor of consolidated risk or severe market disruption. A firm that manages risk on a management. How can we reconcile these two outcomes? unit-by-unit basis may have to spend valuable time simply The answer, of course, is that the simple portfolio example determining what its aggregate position is in the affected misses some important “real world” aspects of financial risk markets, rather than being able to react to quickly developing and risk management. Perhaps the most significant of these is market conditions. Since nimbleness in responding to the assumption that the risks facing each business unit are fixed problems can affect outcomes favorably, such firms may be at and known. In fact, these risks are functions of many factors a disadvantage compared with smaller firms (for instance, that can vary significantly over time. In particular, the simple compared with a series of smaller firms that are comparable in portfolio example assumes that the risk profile of one business the aggregate to the diversified financial institution) and compared with large firms with consolidated risk management systems. Such a situation is an example of how the structure of Spillover effects can be enhanced during the risk management system—as distinct from any ex ante risk- times of crisis or severe market disruption. mitigating actions taken by the firm’s risk managers—may affect the aggregate risk facing the firm. Nimbleness is A firm that manages risk on a unit-by-unit especially important if market disruption spreads rapidly from basis may have to spend valuable time market to market in a hard-to-anticipate pattern, as it did in 1997-98. simply determining what its aggregate In fact, the financial crisis in the fall of 1998 provides some position is in the affected markets, rather interesting insights into the importance of consolidated risk than being able to react to quickly management and measurement systems when there are linkages across markets. International bank supervisors developing market conditions. conducted a study of the performance during the market upheaval of ’ risk management systems and the value-at- risk models used to calculate market risk capital requirements line can be measured without regard to the risks undertaken by (Basel Committee on Banking Supervision 1999c). The study the other. This assumption is not a statement about the degree examined information on the stress testing done by large banks of correlation between the risks faced by the two business units, in several G-10 countries and found that ex ante stress test but rather the idea that the underlying volatility of one business results provided a better picture of actual outcomes during the line’s profitability may be affected by the actions of another third quarter of 1998, when those tests were based on actual business line. historical experience or hypothetical scenarios that An example of this relationship might be when two or more incorporated simultaneous movements in a range of rates and geographic centers within a global financial firm have similar prices, rather than on large movements in a single market risk positions that they have each hedged in a particular or factor. Thus, firms whose stress testing and risk management market. In the absence of a consolidated risk management systems recognized potential linkages across markets had more system, the various units could be unaware of the positions that realistic estimates of the way events in the fall of 1998 were 9 other units within the firm have taken. Each unit assumes that likely to affect their firms. its position is small enough that it would be able to roll over its Another way in which spillover effects can result in hedges or otherwise take steps to reduce its risk even in the aggregate risk exceeding the sum of the individual risks of event of market stress. However, when the various business business units within the firm concerns what might be called units try to take these steps simultaneously, their combined reputational or contagion risk. As discussed in the Joint Forum activity reinforces the liquidity problems facing the market, report (1999a), this is the idea that problems in one part of a resulting in sharp, adverse moves in the market prices of the diversified firm may affect confidence in other parts of the hedging and/or underlying instruments. Thus, losses at firm. The situation that the Joint Forum paper appears to have individual units exceed the risk assumptions made in each in mind is one in which such problems cause acute, near-term unit’s individual risk management plans and the aggregate funding or liquidity problems across the firm, due to questions position of the firm is therefore riskier than the sum of the about whether the losses in the troubled business unit are assumed individual risks of the business units. In essence, the evidence of as-yet-unrevealed losses in other business lines.11

FRBNY Economic Policy Review / March 2001 5 Aside from such near-term concerns, spillover effects can within a diversified firm offset one another. The consolidated also have a longer run dimension. For example, innovative firm would appear to have incentives to manage its risk on an businesses or those involving massive technology aggregate basis whenever these diversification benefits are non- can engender what some analysts call “strategic risk.” Failure in negligible. At its heart, this is the logic that Lam and others in such ventures may be highly visible and thus likely to have the financial services industry have applied in support of spillover effects on other businesses through the , consolidated risk management: the idea that a diversified the cost of funding, and revenue effects through the loss of financial firm should be viewed as a “portfolio” comprising its customer approval. Thus, other business lines associated with different units and business lines. the troubled entity may see their franchise value erode as a This view is closely related to the broader question of how result of difficulties in an affiliated unit. Such strategic risk may firms decide which activities are coordinated within the firm be particularly important for institutions for which customer and which activities are coordinated through markets. This trust is a key competitive advantage. Adverse publicity, legal question has long interested economists, and we can draw on the insights of this “theory of the firm” literature to enhance our understanding of the role of consolidated risk Certain important risks may be very management. Coase (1937) first noted that the efficiency of difficult, if not impossible, to incorporate markets might be expected to lead firms to rely on markets and contracts with third parties to conduct their activities, but that into risk management systems that focus in fact many decisions are made, coordinated, and executed by on individual business units or types of internal mechanisms such as reporting hierarchies, production organization, and compensation plans. Coase’s insight was that risk alone within a diversified firm. a firm carries out inside the firm those activities that it can manage internally at a cost lower than the information and transaction costs involved in purchasing corresponding judgments against the firm, evidence of fraud or internal theft, services or goods outside the firm. or high-profile failed business ventures may erode customer Since the mid-1970s, economists have further developed confidence in an institution. In the extreme, such concerns may and extended the Coase analysis by elaborating more fully on reach the point where the affected firm is no longer viable as an 12 the roles of contracting for goods and services and the ongoing concern, even though it may technically be solvent. ownership of in determining what is coordinated within This discussion of spillover effects suggests that supervisors’ the firm and what is coordinated by markets. Grossman and concerns that disaggregated risk management systems Hart (1986) noted that the combination of uncertainty and understate the risks facing diversified financial institutions may complexity makes contracting with inside or outside parties not be without foundation. Certain important risks may be difficult. In the presence of less than fully specified contracts, very difficult, if not impossible, to incorporate into risk ownership and control of assets is synonymous with ownership management systems that focus on individual business units or of the rights not otherwise covered by contract. Thus, the ease types of risk alone within a diversified firm. Consolidated risk or difficulty of contracting plays a major role in determining management systems therefore may be necessary to obtain an what occurs inside the firm. Ownership demarcates the accurate picture of the risks facing a firm and to have in place boundary of the firm’s internal activities, which often involve the procedures needed to manage those risks, both on a day-to- the “noncontractible” aspects of the firm’s activities. In the day basis and in stress situations. In this light, supervisors’ Grossman and Hart analysis, bringing activities under concerns can be seen not so much as a desire for firms to have common ownership (integration) makes economic sense risk management systems that are conservative, but instead for whenever efficiency gains from improved information and firms to have risk management systems that are accurate. coordination within the firm exceed the efficiency losses resulting from the reduced entrepreneurial incentive of the manager who is no longer an owner. Consolidated Risk Management The basic implication of this literature is that activities will and the Theory of the Firm be performed inside the firm when the complexity or costs of performing them outside the firm are high. For a diversified Concerns about understating firmwide risk exposures financial firm, these insights can be applied to interactions notwithstanding, disaggregated risk management systems may between the various units within the firm. In this setting, we also miss instances in which the risks from different units can think of activities conducted by a corporate parent on a

6 The Challenges of Risk Management firmwide basis as coordination “inside” the firm, while formally.14 In their model, financial institutions fully hedge activities conducted independently by separate units of the risks for which liquid markets are available. Financial firm are analogous to the “market” activities discussed in Coase institutions have incentives to engage in risk management and in Grossman and Hart. Following this logic, risk whenever they face risks that cannot be traded in liquid management and other corporate control activities will be markets because they need to hold capital against the conducted on a consolidated basis when it is too difficult or nontradable positions according to the amount of risk in the costly for the individual business units to contract among themselves. The type of spillover effects and interrelated risks discussed That consolidated risk management above arguably create just such a situation. When the actions of allows the firm to allocate capital one business unit in a diversified firm potentially affect the risks faced by others, the contracting problem—in this case, efficiently further reinforces the what risk exposures may be undertaken by the various business interdependence between a firm’s units within the firm—becomes very complex to solve on a bilateral basis. In such circumstances, the incentives to create a business units. centrally run, consolidated risk management system may be strong. portfolio.15 The desirability of any given depends on the extent to which its nontradable risk is correlated with the nontradable risks of the firm’s other portfolio positions. Fungibility of Financial Resources Drawing this point to its logical conclusion, Froot and Stein argue that “this line of reasoning suggests that the right That consolidated risk management allows the firm to allocate question is not whether or not the bank should centralize its capital efficiently further reinforces the interdependence decisionmaking, but rather how often headquarters should between a firm’s business units. The fungibility of capital gather information and use this pooled information to help within the firm—what some have called a firm’s internal guide investment decisions.” capital market—means that the risks undertaken by one unit The firm’s liquidity resources (assets that can be liquidated can affect the resources available to another through the as well as funding sources that can be tapped) can be viewed as workings of the internal capital market. In considering risk in fungible across the firm in much the same way that capital is relation to the capital resources available to back that risk, then, fungible (in the absence of regulatory or other constraints). For an additional dimension is that those resources may also be this reason, liquidity resources virtually always are coordinated called into play to back the activities of other units within the centrally for the firm as a whole (Basel Committee on Banking 13 firm. Supervision 2000a). These resources are available to provide The financial institution’s internal capital market is itself an needed to meet obligations, especially in contingency example of coordination within the firm potentially being situations such as market distress. more efficient than external markets. Gertner, Scharfstein, and This interdependency suggests that consolidated risk Stein (1994) attribute the efficiency of internal capital markets management systems should take liquidity considerations into to the strong incentive that owners have to monitor capital use account. Liquidity risk assessment requires knowledge of the relative to debtholders, especially if many aspects of the firm’s size and nature of the firm’s risk positions, while the firm’s capital use are not limited by the debtholders’ contract. In liquidity risk position should influence the amount and type of addition, capital allocated to an unsuccessful project can be risk that business managers choose to take. One approach to shifted to another use within the firm at less cost than would be recognizing this connection is to extend the concept of capital involved in liquidating the assets of the project in the market, if adequacy to encompass the ability to liquidate assets or easily capital and resources in one use are close enough substitutes for fund them, as is intended by the Securities and Exchange those in other activities. As discussed earlier, these benefits are Commission’s capital rule for registered broker-dealers. offset by a reduction in incentives to managers who no longer Alternatively, an integrated risk assessment approach could act like owners. consider liquidity risk along with market, credit, and other Froot and Stein (1998) offer a model of capital allocation risks in scenario analyses intended to test the impact of the and capital structure for financial firms that develops the scenario on capital adequacy (and ultimately solvency) and relationship between risk management and capital allocation liquidity, in a test of dual constraints.

FRBNY Economic Policy Review / March 2001 7 Finally, the risks introduced by leverage reinforce the need above by providing meaningful information about the true to evaluate risk on a firmwide basis. Most financial firms are extent and nature of linkages between various businesses leveraged, and over the course of the 1990s analysts in financial within the consolidated firm.17 Thus, these systems can provide institutions and their supervisors have recognized that many an important tool for management to address the moral methods can be used to increase leverage in addition to concerns of creditors and to obtain better borrowing terms as a increasing balance sheet debt to equity, such as taking positions result. through the use of derivatives and imbedded optionality. Since Spillover effects, the fungibility of resources, and the leverage increases the risk supported by capital, a sophisticated concerns of debtholders and creditors suggest that firms have risk assessment should incorporate the combined effects of all strong incentives to measure risks well, to take advantage of sources of market and credit risks, of liquidity risk, and of leverage on capital. This point was made by the Counterparty Risk Management Policy Group (1999) in its private sector Consolidated risk management systems . . . report on lessons learned from the 1998 de facto failure of facilitate better disclosure by providing a Long-Term Capital Management, a large . The report suggests several measures that can be used to conduct a consistent and comprehensive assessment risk and capital or liquidity adequacy analysis. of the firm’s true risk exposure that can be used by creditors to monitor the institution’s activities. Debtholders and Other Creditors

Financial institutions may have additional incentives to engage diversification benefits, and to manage capital and liquidity in consolidated risk management because of the concerns of efficiently. In the next section, we examine why firms have not debtholders and other creditors.16 In agreeing to extend credit, been faster to adopt consolidated risk management to take these parties must take into account the incentive advantage of even small diversification effects and why both that the firm has to increase its risk exposure—to the benefit of industry and supervisory efforts have been necessary to the firm’s shareholders and the detriment of its creditors— encourage its use. once the credit has been extended. This situation is particularly acute for financial firms, which can change their risk profiles relatively rapidly using derivatives and other liquid financial instruments. In the face of this uncertainty, creditors may charge higher rates or offer less favorable nonprice terms (for Obstacles to Creating Consolidated instance, shorter maturity or higher collateral) than they would Risk Management Systems if this incentive could be addressed. Consolidated risk management systems provide a way for That firms have not immediately adopted consolidated risk financial institutions to make a credible commitment against management systems suggests that there are significant costs or such behavior. In particular, these systems facilitate better obstacles that historically have led firms to manage risk in a disclosure by providing a consistent and comprehensive more segmented fashion. While the firm can invest in two assessment of the firm’s true risk exposure that can be used by business activities, as discussed above, it finds the two activities creditors to monitor the institution’s activities. In the absence to be in some sense segregated, so that taking advantage of of such systems, it can be significantly more difficult for diversification effects engenders costs. The segregation can be analysts to draw an accurate picture of the firm’s overall risk geographical (such as New York versus London) or conceptual exposure, even if the individual units within the firm make (for example, versus over-the-counter options). extensive disclosures of their risk profiles. Furthermore, the centralized and independent risk management units that nearly always are a key feature of consolidated risk management systems provide an internal check against any incentives for Information Costs individual units or employees within the firm to hide risk exposures from senior management. Finally, the enhanced Segregation creates two kinds of costs. The first is information disclosure made possible by consolidated risk management costs—the costs of integrating and analyzing information from systems may mitigate some of the spillover effects described the two business lines. Those costs involve both the resources

8 The Challenges of Risk Management involved in transmitting, recording, and processing the approach used to manage most international businesses in the information and the amount of decay in the time value of the 1970s and 1980s. information, reflecting the lags in assembling and verifying Finally, the value of information has risen as the pace of information. At any given moment, there may be competing developments has picked up and the complexity of financial information technologies with similar scale effects, but a relationships among markets and counterparties has increased. different mix of costs in terms of monetary outlays and time If we interpret the increased speed of events as an increase in to assemble information (for instance, a highly automated the variability of the risks and correlations associated with a process versus a manual one). financial firm’s different business lines, then, ceteris paribus, Information costs are shaped largely by technology. firms would tend to set necessarily more conservative limits on Information systems tend to have substantial fixed costs that their activities—perhaps in line with the maximum possible usually increase with the size of the information system, but values of the risk exposures of their various units.20 Since these low marginal costs until the particular system approaches maxima would rarely be observed together in practice, there capacity. To reflect that, we consider the total information cost would appear to be substantial opportunities for gains from identifying and responding to changes in the diversification benefit. But greater volatility in the underlying risk Improvements in technology reduce fixed relationships also changes the set of relevant information technologies, since at any scale of activity most “low-tech,” information costs, make it possible for time-intensive techniques become unacceptably costly, firms to take greater advantage of reflecting the rapid decay in the value of information. Thus, in diversification benefits, and increase the a more volatile environment, we might expect the ability to design and implement effective technology-intensive risk scale on which certain businesses can management information systems to represent a significant be conducted. dimension of competitiveness for financial institutions seeking to operate in a large number of markets.21 function to be a step function increasing discretely as the scale of the business increases. For a given volume of information, Regulatory Costs then, the value of recognizing the impact of diversification— which is a function of the amount of diversification inherent in Regulatory barriers to moving capital and liquidity within a the firm’s activities—needs to exceed the information costs for financial organization impose another cost that inhibits the use the scale of the firm’s business in order for the firm to invest in of consolidated risk management. These barriers can take the the information infrastructure. In essence, the firm maximizes form of business line capital and liquidity requirements set by its expected profits subject to a capital constraint by choosing regulators, prohibitions or limits on capital and funds that can the business mix, the scale of business, and the information be transferred from one business line to another, or the technology (or none) to manage risk.18 necessity of seeking prior approval or giving prior notice to Information costs will tend to limit the size of the business move funds between business lines. Most commonly, business for a given level of capital. If the firm finds the cost of lines segregated from one another by such regulatory information high relative to the diversification benefit, the firm requirements are in different locations or different legal will manage each business separately, and in doing so, it will entities, subjecting the two business lines to different assign relatively high amounts of capital to each business line as regulations. However, similar types of costs can be imposed by if there was no diversification benefit. As a result, the scale of rating agencies, creditors, or even when the the firm’s overall business will be lower than it would be when requirements or expectations they set differ across individual diversification effects can be realized.19 entities. Improvements in technology reduce fixed information As with information costs, we can consider the regulatory costs, make it possible for firms to take greater advantage of costs to reflect both monetary outlays to manage or circumvent diversification benefits, and increase the scale on which certain regulatory barriers and the waiting period or decay in profit businesses can be conducted. For example, improvements in opportunities in the time needed to comply with or overcome information technology permit banks and securities firms to regulatory costs. While in some cases regulatory requirements manage single “global books,” in contrast to the regional can make it virtually impossible to move capital or liquidity

FRBNY Economic Policy Review / March 2001 9 from one business line to another in the short run, in many As argued above, one key motivation for consolidated risk cases regulatory requirements can be satisfied at some cost. The management is to enable firms to make more informed cost of managing and circumventing regulatory requirements judgments about where to invest their scarce capital resources, appears to have dropped substantially through the use of in particular, about where to expand through acquisition or derivatives, techniques, and other financial internal growth. Firms in weakened financial condition are engineering. Indeed, a recurring pattern in unlikely to be in a position to fund such growth—even into is the erosion of regulatory requirements through financial lines of business where the institution’s risk/return trade-off is innovation and regulatory arbitrage and their eventual repeal. That pattern dates back at least to the creation of the Eurodollar market in the 1960s and the subsequent slow removal of Intensive work on consolidated risk deposit ceilings and many reserve requirements. If regulatory management has coincided with the circumvention is not possible, in the longer term the firm can plan its organization and its capital and funding strategy to rebuilding of the financial strength of create more flexibility in managing regulatory requirements, many banking following usually at the cost of holding excess capital and liquidity in some units. the difficulties of the late 1980s and Therefore, for a given scale of its various businesses, there early 1990s. are regulatory costs that the firm can minimize to some extent. Once again, the firm will invest in information technology and management of regulatory requirements only if the highly favorable—so they have less incentive to invest in the diversification benefits (taking into account the ability to consolidated risk management systems that would permit manage capital and liquidity on a very short-term basis under them to identify such opportunities. The improved financial contingencies) are seen to exceed the information and condition of many institutions since the early part of the 1990s regulatory costs. Moreover, the reduction of regulatory barriers therefore may have provided an additional incentive for firms to moving capital and liquidity within the firm enables the to develop and implement consolidated risk management development or enlargement of the firm’s internal capital systems. market and increases the gains from pooling risk measurement Declining information costs, eroding regulatory barriers, information within the firm as well as the firm’s overall and stronger financial condition present fairly stylized efficiency. explanations for increased attention by financial institutions to consolidated risk management and internal capital allocation activities. However, the optimization problem faced by firms is Financial Condition more complex than we have described. Holmstrom and Roberts (1998) provide many examples of the rich variety of Intensive work on consolidated risk management has mechanisms used to coordinate activities within and among coincided with the rebuilding of the financial strength of many firms and the multiplicity of factors that influence the banking organizations following the difficulties of the late coordination decision. The examples particularly illustrate the 1980s and early 1990s. For instance, a 1998 Federal Reserve roles that incentives in internal (implicit) and external study of models (Federal Reserve System Task Force contracts and information flows play in resolving complex on Internal Credit Risk Models 1998) notes that large U.S. coordination problems, including overcoming regulatory 23 banks have begun to develop both advanced credit risk barriers. The implication is that coordination mechanisms modeling and internal capital allocation systems only since the used by individual firms may change as a wide variety of factors mid-1990s—just the period over which these institutions change. The current importance of consolidated risk recovered from the financial stresses of the earlier part of the management as a goal for many financial institutions could be decade. These internal capital allocation systems are one of the enhanced or complemented by further advances in key elements in banks’ attempts to evaluate the risk-adjusted information technology and monitoring techniques, new performance of their various business units. As such, they designs for incentive contracts with employees and outside represent an important step in the progress toward full-fledged agents, better public and private information flows, and greater consolidated risk management systems.22 liquidity of financial markets. This financial rebuilding may also have contributed to the Even so, the decline of information costs and the erosion growing emphasis on consolidated risk management systems. and repeal of regulatory barriers have been so great that many

10 The Challenges of Risk Management of the principal hurdles to consolidated risk management these two dimensions may be similar, the details differ within a financial conglomerate involve problems in considerably, making simple “bottom-up” aggregation measuring, comparing, and aggregating risks across business approaches difficult, if not impossible, to implement. lines. The ability to merge banks and insurance companies Aggregating across business lines presents challenges under the Gramm-Leach-Bliley Act provides financial because firms and functional supervisors in the different institutions with new opportunities to diversify risks and business lines have tended to approach risk management and expand internal capital markets and creates further impetus to measurement from quite different perspectives. For instance, develop consolidated risk management techniques for financial banks traditionally have emphasized the risks arising from the conglomerates. Thus, both firms and supervisors are probably side of the balance sheet (credit risk) and from the closer today in their common interest in accurate and precise interaction of assets, liabilities, and off-balance-sheet positions risk measurement than they were just five years ago. (, liquidity risk). Insurers, in contrast, have tended to place emphasis on the risks arising from the liability side of their business (underwriting risk, catastrophe risk). Securities firms have tended to emphasize the combination of market risk and liquidity (meaning both the ability to fund or Major Technical Challenges to sell an asset) in their portfolios. Of course, advances in and Research Questions financial theory and market practice have eroded these distinctions somewhat, and many firms now attempt to The previous sections discussed the economic rationale behind consolidated risk management and some of the costs facing diversified financial firms in constructing such systems. In this Our goal is to highlight a series of practical section, we turn to some additional practical problems issues where additional research by risk associated with this overall goal. Our goal is to highlight a series of practical issues where additional research by risk management practitioners and by management practitioners and by academics would be academics would be especially beneficial. especially beneficial. In particular, we describe some of the technical challenges involved in actually estimating an aggregate measure of risk for a diversified financial institution measure the way in which risks can interact and affect an entire and suggest some areas where further research could help both institution.25 Nonetheless, one of the key challenges of financial institutions and supervisors understand the strengths consolidated risk management is to integrate these different and weaknesses of such aggregate risk management. perspectives on risk into a coherent framework. At a very general level, there does appear to be an emerging A related set of challenges arises when aggregating across consensus about how various forms of risk should be different types of risk. These challenges reflect the fact that at quantified. Most risk measurement methods used by major many financial institutions, risk measurement and financial institutions are intended to capture potential losses management began as a bottom-up process, with different over some future horizon due to the risk in question. These types of risk measured separately. A particular business area methods can use a probability-weighted approach to would develop risk measurement approaches to capture the estimating potential losses (as in a value-at-risk or earnings-at- most important risks facing that unit: credit risk for lending risk system, where the distribution of future earnings is activities, market risk for trading, interest rate risk for the calculated) or can provide point estimates of potential losses treasury/asset-liability management function. This risk-by-risk under certain extreme circumstances (as in a stress test or approach has resulted in industry standards of risk scenario analysis approach or in an “expected tail loss” measurement that differ significantly across risk types, and estimation). The common thread is the focus on potential sometimes across activities with similar risks, both in the way 24 future losses, either to earnings or economic value. that risk is measured and in the extent to which it is quantified Beyond this general consensus, however, the picture is at all. considerably more complex. As noted above, an aggregate risk To a large extent, the state of development of modeling measure must incorporate different types of risk (market, technology across the various risks reflects the availability of credit, operational) and must bring together risks across data and the nature of the risk itself, which can affect the ease different business lines (banking, insurance, securities). or difficulty involved in accurately modeling the risk. At one Although the broad risk concept applied within and across end of the spectrum, the banking and securities industry has a

FRBNY Economic Policy Review / March 2001 11 now fairly long history of measuring market risk through of events and the sensitivity of cash flows to these events, both value-at-risk models. The fact that value-at-risk models were to enhance day-to-day liquidity management and to among the first models developed reflects the strengthen the underpinnings of liquidity stress scenarios. high-frequency and largely continuous nature of market risk Finally, at the far end of the spectrum, other risks—such as and its management,26 the mark-to-market environment in legal, reputational, and strategic risk—are rarely quantified, as which most trading activities occur, and the resultant ease of both the data and theoretical techniques for capturing these modeling (normality has often been assumed) and availability risks have yet to be developed extensively. of comparatively long historical data series around which to Even for those risks that are measured, important calibrate the models. differences exist in the assumptions and techniques used to Credit risk tends to exhibit somewhat lower frequency estimate potential losses. One key issue is the time horizon over variation, as changes in credit status tend to evolve over weeks which potential losses are to be measured. As noted above, the or months rather than on a day-to-day basis. Thus, fewer risks facing financial institutions vary in the extent to which they are continuous or discrete, in how quickly new events develop, and in the size of events when they occur (many small At many financial institutions, risk events versus a few large ones). These differences imply the measurement and management began as need for different horizons to capture different risks effectively. In fact, we see these differences in the assumptions underlying a bottom-up process, with different types the risk estimates made by financial firms, with market risk of risk measured separately. typically measured over a one-day horizon, credit risk typically measured over a one-year horizon, and operational risk measured over a variety of short and long horizons (an industry historical data are available to aid in model calibration, and the standard has yet to emerge). modeling process itself is more complex, as the distribution of These differences present a challenge for calculating credit losses is quite asymmetric with a long right-hand tail.27 consolidated risk exposures that span several risk types. Should Financial institutions have made considerable progress over a single horizon be chosen for all risks and, if so, which one? the past two or three years in credit risk modeling, but it is fair Should the time dimension be explicitly factored into the risk to say that these models are at an earlier stage of development assessment, with paths of risk over time? More generally, issues than the value-at-risk models used for market risk assessment.28 Even further down the spectrum is operational risk—the Perhaps a more fundamental question is risk stemming from the failure of computer systems, control whether a consolidated risk management procedures, and human error—which captures a mixture of system needs to have a fully consolidated events, some of which involve relatively frequent small losses (settlement errors in a trading operation, for instance) and risk measurement methodology at its core. others that are characterized by infrequent but often large losses (widespread computer failure). Consistent data sources on this form of risk are difficult to obtain, especially for the less such as differing horizons suggest that there is an important set frequent events; statistical modeling is in its early stages; and of research questions concerning methods for calculating the computational requirements may be substantial, given the aggregate risk measures. At a very basic level, can the different number of “control points” in most operational processes. individual risk measurement approaches typically used within Liquidity risk measurement involves many similar issues financial firms be meaningfully aggregated? If so, how? If not, of sorting the frequency of different types of events and is it possible to develop a “top-down” approach that somehow developing appropriate data. Liquidity risk measurement has blends the risks facing the firm without measuring them long involved scenario analysis focused on stress events and separately, such as an analysis of income volatility? Is there based on subjective probabilities of how depositors, other some way of combining “top-down” with “bottom-up” creditors, and borrowers would respond to the stress event. As approaches to consolidated risk measurement? And how does risk measurement techniques have advanced, some financial the growing attention to evaluating performance against risk in institutions are examining the potential for cash-flow-at-risk rewarding managers at all levels of the organization factor into analysis, based on more formal measurement of the probability these decisions?

12 The Challenges of Risk Management A related set of issues concerns the mathematical biases might enter the assessment of aggregate risk if this aggregation of risk measures across businesses and risk types. assessment is based on disparate risk measures? How might In most cases, this process would involve estimating comparisons of risk and return across business lines be correlations between various risk exposures. An important affected? How can we relate the results of stress scenario challenge in this regard is measuring the degree of correlation analysis to statistical measures of risk exposure? Are there limits between risks in businesses that are distinct in terms of the to how different the various risk measures can be, yet still be sources and frequency of variability (for instance, between useful in a consolidated risk management system? These are insurance underwriting and trading). The data demands of important, unresolved issues. producing accurate estimates are likely to be enormous. Even when aggregate risk measures can be calculated, a related challenge is how to apportion the benefits of diversification across various business lines. That is, if less-than-perfect correlation across distinct business lines results in a decrease in Conclusion the overall risk facing the firm, how should these benefits be allocated back to the various business units in the internal As the above discussion suggests, there is considerable scope capital allocation process? for further research to enhance our understanding of the This discussion assumes that to produce a consolidated benefits and shortcomings of consolidated risk management. measurement of risk exposure, it is necessary to develop risk Many of the key research questions involve technical issues in measures that are highly comparable across risk types. risk measurement and financial series modeling. While these However, perhaps a more fundamental question is whether a questions are vital to understanding how to calculate a consolidated risk management system needs to have a fully consolidated measure of risk exposure spanning all of a consolidated risk measurement methodology at its core. In financial institution’s businesses and risk factors, they are not other words, how much comparability across risk measures is the only questions of interest. Further research into the main strictly necessary to have an effective consolidated risk question of this article—the economic rationale for management system? If risk measures cannot be made perfectly consolidated risk management—could produce findings that compatible across risk types and business lines, are there still would be of clear use to supervisors and financial institutions. benefits to imperfectly comparable measures? In addition, this work could provide insight into such diverse Our sense is that the answer to this question is likely to be a topics as the theory of the firm, the costs/benefits of resounding yes, largely because the ability to evaluate results diversification, the linkages among financial markets, and the against risks taken has become a major feature of financial impact of product and geographic . Our study institution management in the 1990s. Some important issues presents some initial ideas, but clearly much more work needs would need to be explored before understanding the full to be done. We hope that this article can serve as a starting implications of this conclusion. For instance, what kind of point for further discussion.

FRBNY Economic Policy Review / March 2001 13 Endnotes

1. It can also be argued that supervisors may place somewhat greater 6. This framework is best developed in “Principles for the weight on the risk of severe downside scenarios, given the nature of the Management of Credit Risk,” published in September 2000. The supervisory role, but the private sector appears to be closing any gap Committee has also published work on interest rate risk, in 1997; as a result of the insight gained from experiences such as the market operational risk, in 1998; and liquidity risk, in 2000. disturbances in 1998. 7. The work of Modigliani and Miller (1958) and Miller and 2. Firms vary in how they use the risk management process to Modigliani (1961) suggests that any risk-altering actions taken by a maximize profits. Some firms use risk-and-return measures in the firm’s management are redundant and resource-wasting because selection of their medium-term business mix in order to maximize shareholders can achieve their optimal degree of diversification long-run expected profits. Firms also use risk management systems to independently. See Cummins, Phillips, and Smith (1998) for a assist in managing expected profits over short horizons, by seeking to discussion of the factors—such as bankruptcy costs, , and costly identify changes in risk and loss potential and adjusting their external financing—that may make it worthwhile for firms to engage portfolios accordingly. in risk management.

3. In large measure, these efforts are an extension of a longer term 8. This relationship can be expressed mathematically as trend toward enhanced risk management and measurement in the σ = σ 2 ++σ 2 2ρσ σ ≤ σ+ σ , financial services industry. Many of these efforts have focused on FIRM A B A B A B σ σ developing risk measurement and management systems for individual where A and B are the profit volatilities of business units A and B risk types or businesses (for instance, market risk in a securities firm and ρ is the correlation between them. or credit risk in a bank’s portfolio). In consolidated risk management, however, the focus is on an expansion of these single- 9. This situation was not uncommon among globally dispersed risk-management systems to span diverse financial activities, institutions prior to the introduction of enhanced information customers, and markets. systems in the early-to-mid-1990s. Later in this article, we discuss the role of information costs and information systems in diversified 4. Mergers may occur for many reasons, including the desire to financial institutions. benefit from exactly the sort of diversification that presents challenges to risk management and measurement systems. In this discussion, we 10. Morris and Shin (1999) describe this problem in the context of distinguish between the broad diversification that may occur when multiple firms operating in a single market. They describe the errors firms comprise business units involved in distinct business activities in risk assessment that can occur when risk management systems (such as banking, insurance, or securities activities) or geographic assume that the firm’s activities are similar to playing roulette locations and the type of portfolio diversification that occurs when (gambling against nature), when in fact the risks are more like those in risk management units take steps to hedge portfolio- or business-level poker (where the actions of the other players matter). The same risk exposures. It is the first type of diversification—which has become analogy can be applied to risks within a firm. much more feasible given the regulatory and technical developments discussed in the text—that presents the sort of challenges we discuss in 11. Or, as discussed below, such contagion fears may arise because this article. market observers believe that the resources of all of the firm’s business units will be used to “rescue” a troubled unit, calling into question the 5. The evaluation of the adequacy of risks in light of a full risk solvency of all of the businesses within the firm. assessment is discussed in Federal Reserve SR Letter 99-18. Earlier in the decade, the Federal Reserve issued SR Letter 93-69, on the 12. The large investments that many financial institutions are making management of trading activities; SR Letter 97-32, on information in electronic trading and banking are examples of strategic risk related security; SR Letter 00-04, on outsourcing; and a series of papers on the to establishing the competitive position of a firm in a fast-changing management of credit risk in both primary and secondary market and greatly contested market. The problems many financial activities (SR Letters 99-3, 98-25, and 97-21). The Office of the institutions experienced in the mid-1990s—when customers Comptroller of the Currency and the Federal Deposit Insurance experienced large losses in connection with derivatives and complex Corporation have issued guidance using a comparable framework for trading strategies—are examples of strategic risk related to damage to a similar range of topics. the firm’s reputation.

14 The Challenges of Risk Management Endnotes (Continued)

13. Froot and Stein (1998) consider a variant of this risk—the rise in the idiosyncratic risk of equities in the 1990s, the last example bankwide cost of capital effect—that involves the impact of increased documented in Campbell, Lettau, Malkiel, and Xu (2001). capital costs on all units within a firm when one unit takes on large amounts of risk. 21. Gibson (1998) derives similar conclusions about the impact of declining information costs. In his approach, risk measurement is a 14. In the Froot and Stein analysis, banks choose their capital means to monitor risk-taking by employees when information about structure, risk management policies, and investment policies jointly, the managerial effort of those employees (or outside agents, such as rather than impose a short-run capital constraint. However, when mutual fund managers) is not observable by the employer. capital is costly, banks economize on the amount of capital they hold and therefore take risk management concerns into account in their 22. Typically, these internal capital allocation systems fall short of a investment policies. full-fledged consolidated risk measurement system, either because they incorporate only a limited range of the risks facing a financial 15. The example Froot and Stein give is the counterparty risk on a institution (for example, just credit risk or market risk, but not foreign exchange swap. With the advent of credit derivatives and other operational or other forms of risk) or because they are applied only to credit risk management techniques, such risks are increasingly a subset of the institution’s activities. tradable, by which Froot and Stein mean that the risks can be offset to achieve a zero net present value. Nontradable risks can include 23. The specific regulatory barrier they cite is the limitations on unhedged proprietary positions premised on subjective expected rates foreign ownership of domestic airlines. of return deviating from those of the market. Note that the reliance on markets for hedging for liquid risks and internal capital allocation for 24. Other potential definitions of risk could involve pure volatility nontradable risks is another version of the contractible/ measures, such as standard deviations of earnings or economic value, noncontractible distinction discussed earlier. or sensitivity measures that capture the of earnings or economic value with respect to particular risk factors, such as the 16. Other creditors here could include suppliers, consultants, and “value of a basis point.” other contractors who provide products or services in return for the promise of future payment. 25. Lewis (1998), for instance, describes how one insurance company examines stress scenarios that affect all aspects of the firm, such as an 17. This would be especially true if there were meaningful disclosures earthquake that simultaneously causes extremely high insurance about intrafirm exposures, as called for in a recent report by the Joint claims and disrupts financial markets—and thus the firm’s Forum (1999b). investments and investment income—for some period of time.

18. As information systems become more “scalable,” the step function 26. Of course, some market price series exhibit sharp, discontinuous may become flatter, in effect making it easier to realize and manage the jumps, such as those associated with emerging market developments diversification benefits from combining activities. and unexpected changes in exchange rate regimes. These factors have tended to be incorporated into value-at-risk models after the initial 19. This is also consistent with the analysis of Holmstrom and phases of model development. Milgrom (1994), which derives analytically that enhancements to performance measurement tend to permit greater employee freedom 27. To some extent, both the lack of data and the lower frequency (such as higher limits), although the authors caution that their analysis variation reflect the current GAAP (Generally Accepted requires a careful specification of the exact problem. Principles) accounting standards, which do not require the daily marking-to-market to which trading account positions are subject. 20. Correlations and volatilities have changed substantially over time. Thus, shorter term variation in value may not be reflected in the Examples include the sharp drop in volatilities in short-term interest accounting data typically available for use in credit risk models. rates associated with the decline in inflation in the 1980s and early 1990s; sharp increases in the correlations and short-term volatilities of 28. See Basel Committee on Banking Supervision (1999a) for a U.S. long-term fixed income instruments in times of distress; and a discussion of the state of development of credit risk models.

FRBNY Economic Policy Review / March 2001 15 References

Basel Committee on Banking Supervision. 1999a. “Credit Risk Coase, Ronald. 1937. “The Nature of the Firm.” Economica 4, no. 4 Modeling: Current Practices and Applications.” April. Basel, (November): 386-405. Switzerland: Bank for International Settlements. Counterparty Risk Management Policy Group. 1999. “Improving ———. 1999b. “A New Capital Adequacy Framework.” June. Basel, Counterparty Risk Management Practices.” June. Switzerland: Bank for International Settlements. Cummins, J. David, Richard D. Phillips, and Stephen D. Smith. 1998. ———. 1999c. “Performance of Models-Based Capital Charges for “The Rise of Risk Management.” Federal Reserve Bank of Atlanta Market Risk.” September. Basel, Switzerland: Bank for Economic Review, first quarter: 30-40. International Settlements. Federal Reserve System Task Force on Internal Credit Risk Models. 1998. ———. 2000a. “Sound Practices for Managing Liquidity in Banking “Credit Risk Models at Major U.S. Banking Institutions: Current Organizations.” February. Basel, Switzerland: Bank for State of the Art and Implications for Assessments of Capital International Settlements. Adequacy.” May.

———. 2000b. “Principles for the Management of Credit Risk.” Froot, Kenneth A., and Jeremy C. Stein. 1998. “Risk Management, September. Basel, Switzerland: Bank for International Settlements. , and Capital Structure Policy for Financial Institutions: An Integrated Approach.” Journal of Financial Board of Governors of the Federal Reserve System. 1993. “Examining Economics 47, no. 1 (January): 55-82. Risk Management and Internal Controls for Trading Activities of Banking Organizations.” SR Letter 93-69. December 20. Gertner, Robert H., David S. Scharfstein, and Jeremy C. Stein. 1994. “Internal versus External Capital Markets.” Quarterly Journal ———. 1997a. “Risk Management and Capital Adequacy of Exposures of Economics 109, no. 4 (November): 1211-30. Arising from Secondary Market Credit Activities.” SR Letter 97-21. July 11. Gibson, Michael S. 1998. “The Implications of Risk Management Information Systems for the Organization of Financial Firms.” ———. 1997b. “Sound Practice Guidance for Information Security Board of Governors of the Federal Reserve System International for Networks.” SR Letter 97-32. December 4. Discussion Paper no. 632, December.

———. 1998. “Sound Credit Risk Management and the Use of Global Derivatives Study Group. 1993. “Derivatives: Practices and Internal Credit Risk Ratings at Large Banking Organizations.” Principles.” July. Washington, D.C.: Group of Thirty. SR Letter 98-25. September 21. Grossman, Sanford J., and Oliver D. Hart. 1986. “The Costs and ———. 1999a. “Supervisory Guidance Regarding Counterparty Benefits of Ownership: A Theory of Vertical and Lateral Credit Risk Management.” SR Letter 99-3. February 1. Integration.” Journal of Political Economy 94, no. 4: 691-719. ———. 1999b. “Assessing Capital Adequacy in Relation to Risk at Large Banking Organizations and Others with Complex Risk Holmstrom, Bengt, and Paul Milgrom. 1994. “The Firm as an Incentive Profiles.” SR Letter 99-18. July 1. System.” American Economic Review 84, no. 4 (September): 972-91. ———. 2000. “Outsourcing Information and Transaction Processing.” SR Letter 00-04. February 29. Holmstrom, Bengt, and John Roberts. 1998. “The Boundaries of the Firm Revisited.” Journal of Economic Perspectives 12, Campbell, John, Martin Lettau, Burton Malkiel, and Yexuai Xu. 2001. no. 4 (fall): 73-94. “Have Individual Become More Volatile: An Empirical Exploration of Idiosyncratic Risk.” Journal of Finance 56, no. 1 (February): 1-43.

16 The Challenges of Risk Management References (Continued)

Joint Forum (Basel Committee on Banking Supervision, International Miller, Merton H., and Franco Modigliani. 1961. “Dividend Policy, Organization of Securities Commissioners, International Association Growth, and the Valuation of Shares.” Journal of Business 34 of Insurance Supervisors). 1999a. “Risk Concentration Principles.” (October): 411-33. December. Basel, Switzerland: Bank for International Settlements. Modigliani, Franco, and Merton H. Miller. 1958. “The Cost of Capital, ———. 1999b. “Intra-Group Transactions and Exposures Principles.” Corporation Finance, and the Theory of Investment.” American December. Basel, Switzerland: Bank for International Settlements. Economic Review 48 (June): 261-97.

Labrecque, Thomas G. 1998. “Risk Management: One Institution’s Morris, Stephen, and Hyun Song Shin. 1999. “Risk Management with Experience.” Federal Reserve Bank of New York Economic Interdependent Choice.” Bank of England Financial Stability Policy Review 4, no. 3 (October): 237-40. Review, no. 7 (November): 141-50.

Lam, James. 1999. “Enterprise-Wide Risk Management: Staying Mudge, Dan. 2000. “The Urge to Merge.” Risk Magazine. February, Ahead of the Convergence Curve.” Journal of Lending and p. 64. Credit Risk Management 81, no. 10 (June): 16-9.

Lewis, Robert. 1998. “Capital from an Insurance Company Perspective.” Federal Reserve Bank of New York Economic Policy Review 4, no. 3 (October): 183-5.

The views expressed in this article are those of the authors and do not necessarily reflect the position of the Federal Reserve Bank of New York or the Federal Reserve System. The Federal Reserve Bank of New York provides no warranty, express or implied, as to the accuracy, timeliness, completeness, merchantability, or fitness for any particular purpose of any information contained in documents produced and provided by the Federal Reserve Bank of New York in any form or manner whatsoever.

FRBNY Economic Policy Review / March 2001 17